spf-discuss

Re: Re: overall HELO FAIL

2005-05-31 19:05:11

On Fri, 27 May 2005, Julian Mehnle wrote:

> Frank Ellermann wrote:
>> William Leibzon wrote:
>>> receiver should not be required to test both MAILFROM and EHLO
>>
>> That doesn't reflect "SHOULD test HELO".  You can't have it both ways at
>> the same time.
>
> "SHOULD/RECOMMENDED" != required.
>
> We recommend HELO checking because the semantics of v=spf1 records
> inherently covers both MAIL FROM and HELO scopes, and if this is what
> publishers have in mind when defining their policy, receivers SHOULD
> check both identities.
>
> We cannot _require_ it, though, for historical reasons.

My view of it is that we should not require MAILFROM either. The receiver
can choose to do an SPF check on MAILFROM (recommended, of course, that they
do) or not to. Separately, they can also choose to do a check on EHLO (also
recommended) or not to. The receiver gets a result for each and may decide
to use just that result alone for rejection (if it believes it's safe
to do it with an SPF FAIL result), or may decide to do it based on multiple
test failures, or may decide to input all results into a spam scoring system.
Their system, their rules, basically (although we can "recommend" certain
behavior for receivers on how to deal with a combination of results without
making it mandatory to follow only that algorithm).

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
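
The three receiver strategies described in the message above (reject on a single FAIL, reject only on multiple FAILs, or feed every result into a score), sketched as an added example that is not part of the original post or of any SPF implementation. The function name, policy names, weights and threshold are assumptions made up for illustration; `None` stands for a check the receiver chose not to run.

```python
from typing import Optional

# Hypothetical per-result weights for the scoring policy (constructed values,
# not taken from any SPF draft or spam filter).
SCORE = {"pass": -1.0, "none": 0.0, "neutral": 0.0, "softfail": 1.5,
         "fail": 4.0, "temperror": 0.0, "permerror": 0.5}


def decide(mailfrom: Optional[str], helo: Optional[str],
           policy: str = "any_fail", threshold: float = 5.0) -> str:
    """Combine per-identity SPF results into 'reject' or 'accept'.

    mailfrom / helo hold the SPF result for that identity, or None when
    the receiver chose not to run that check at all.
    """
    checked = [r for r in (mailfrom, helo) if r is not None]
    for r in checked:
        if r not in SCORE:
            raise ValueError(f"unknown SPF result: {r!r}")
    fails = sum(1 for r in checked if r == "fail")

    if policy == "any_fail":
        # A single FAIL on whichever identity was checked is enough.
        return "reject" if fails >= 1 else "accept"
    if policy == "multi_fail":
        # Reject only when more than one check failed; if one check was
        # skipped, this policy can never reject on SPF alone.
        return "reject" if fails >= 2 else "accept"
    if policy == "score":
        # Every result performed contributes to one spam score.
        total = sum(SCORE[r] for r in checked)
        return "reject" if total >= threshold else "accept"
    raise ValueError(f"unknown policy: {policy!r}")


if __name__ == "__main__":
    # Constructed sample: MAIL FROM fails, HELO passes.
    for p in ("any_fail", "multi_fail", "score"):
        print(p, decide("fail", "pass", policy=p))
```
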

